Hacker Tries to Sell Over 9 Million Patient Records on the Dark Web

We have seen quite a few large-scale data leaks sold on the dark web in the past two months. After LinkedIn and other major breaches that resulted in a huge amount of data being dumped on the so-called dark net, we are now looking at something more personal and serious. A hacker going by the name of “thedarkoverlord” is claiming to sell over 9 million patient records from health care and insurance databases.

Having reportedly exploited an unknown 0-day vulnerability in the Remote Desktop Protocol (RDP) at five healthcare organizations, the hacker managed to steal these treasure troves. Now, he is selling over 689,000 patient records, which include full names, social security numbers, physical addresses, dates of birth, insurance information, race, gender, and other personal data. Given the kind of data that is stored in healthcare databases, we might see an increase in identity theft and fraud cases in the coming months. But then, this is not the first time a health care database has been leaked and sold.

The databases being advertised on the Real Deal marketplace allegedly include 48,000 patient records from a healthcare organization in Farmington, Missouri; 210,000 records from Central/Midwest US; and 397,000 records from Atlanta, Georgia. After advertising these three databases, thedarkoverlord added a fourth database to the mix, with a fresh cache of data on 34,621 citizens from a clinic in New York. The data will be offered in plaintext format to those who are willing to pay the hacker. The prices for these healthcare record packages range from $38,000 to nearly $500,000 for the largest database. $100,000 worth of records from the Georgia database have already been sold.

Thedarkoverlord provided a small sample of 30 patient records from the Georgia dump to Motherboard, which confirmed the leak. “The vast majority of phone numbers went through to the correct person or family home, and one individual confirmed the rest of their details, although the physical address was out of date.”

Healthcare hack and ransomware – a rising trend

This was, however, just a start. After these four relatively small chunks of data, the same hacker then advertised around 9 million supposed health care insurance details. The hacker isn’t naming any of these organizations, as s/he has threatened them all with a ransom demand. “A modest amount compared to the damage that will be caused to the organizations when I decide to publicly leak the victims,” thedarkoverlord said.

$484,161 or 750 Bitcoins is a high price to pay for this leaked data, even for criminals. Thedarkoverlord previously said the plan is to intimidate the affected organizations into paying ransom, which is perhaps why s/he has kept such high prices.

Health care hacking is becoming a rising trend, as we saw over 113 million medical records being compromised in 2015. The medical industry ranked second in U.S. data breaches last year, and among the top 10 favorites in the global hacking report published by Verizon. The latest healthcare hack not only confirms this ongoing trend, but also sets a precedent for future ransomware, where people have to pay not only to recover data, but also to protect their externally available data from being leaked.